1 files changed, 50 insertions, 0 deletions

diff --git a/dom/security/test/csp/file_upgrade_insecure_navigation_redirect.sjs b/dom/security/test/csp/file_upgrade_insecure_navigation_redirect.sjs
new file mode 100644
index 0000000000..3f7f8158e0
--- /dev/null
+++ b/dom/security/test/csp/file_upgrade_insecure_navigation_redirect.sjs
@@ -0,0 +1,50 @@
+"use strict";
+
+const FINAL_DOCUMENT = `
+  <html>
+  <body>
+  final document
+  <script>
+  window.onload = function() {
+    let docURI =  document.documentURI;
+    window.opener.parent.postMessage({docURI}, "*");
+    window.close();
+  }
+  </script>
+  </body>
+  </html>`;
+
+function handleRequest(request, response) {
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "text/html", false);
+
+  const query = request.queryString;
+
+  if (query === "same_origin_redirect") {
+    let newLocation =
+      "http://example.com/tests/dom/security/test/csp/file_upgrade_insecure_navigation_redirect.sjs?finaldoc_same_origin_redirect";
+    response.setStatusLine("1.1", 302, "Found");
+    response.setHeader("Location", newLocation, false);
+    return;
+  }
+
+  if (query === "cross_origin_redirect") {
+    let newLocation =
+      "http://test1.example.com/tests/dom/security/test/csp/file_upgrade_insecure_navigation_redirect.sjs?finaldoc_cross_origin_redirect";
+    response.setStatusLine("1.1", 302, "Found");
+    response.setHeader("Location", newLocation, false);
+    return;
+  }
+
+  if (
+    query === "finaldoc_same_origin_redirect" ||
+    query === "finaldoc_cross_origin_redirect"
+  ) {
+    response.write(FINAL_DOCUMENT);
+    return;
+  }
+
+  // we should never get here, but just in case
+  // return something unexpected
+  response.write("do'h");
+}